filter {
  if "monit" in [tags] {
    grok {
      match => { "message" => "\[CST %{SYSLOGTIMESTAMP:[monit][timestamp]}\]%{SPACE}%{LOGLEVEL:[monit][level]}%{SPACE}\:%{SPACE}%{GREEDYDATA:[monit][log]}" }
      remove_field => "message"
    }
    date {
      match => [ "[monit][timestamp]", "MMM  d HH:mm:ss", "MMM dd HH:mm:ss", "ISO8601" ]
      remove_field => "[monit][timestamp]"
    }
  }
}
